Leadership on Demand
When you need information security expertise, you need it right away.
Anitian’s vCISO service brings world-class technical leadership
to your organization at a moment’s notice.
- Security Program Development
- Policy and Procedure Development
- Industry and Market Trend Research
- Technical Due Diligence
- Staff Augmentation
- Audit Stewardship
Staff augmentation or help as-needed. We are ready to assist your security efforts with seasoned security leaders.
VIRTUAL CISO: STAFF AUGMENTATION
Put a CISO on staff, without putting a CISO on staff. With Anitian’s Virtual CISO you can get expert advice, guidance, and analysis for anything, whether it is negotiating with a vendor, filling out a third party security request, or building an entire security program. Virtual CISO services can include:
- Security program development
- Leadership and coaching
- Committee leadership or participation
- Compliance management and audit stewardship
- Security policy, process, and procedure development
- Incident response
- Security training and awareness
- Security assessment
- Internal auditing
- Completing third party vendor questionnaires
- Developing executive reports, metrics, dashboards, and alerts
- Negotiating with vendors
- Developing RFPs
- Evaluating security technologies (objectively)
- Monitoring security controls and alerts
ON DEMAND VIRTUAL CISO
Need short term, on-demand CISO expertise? Anitian’s vCISO On Demand puts world-class information security expertise in your organization at a moment’s notice. Your virtual CISO can handle a diverse set of tasks including:
- Performing risk analysis
- Reviewing reports, alerts, or data
- Writing policies, procedures, or guidelines
- Tuning and optimizing SIEM, NGFW, or other security controls
- Responding to security questionnaires
- Providing general information security guidance
- Assisting with incident response
- Cloud security and architecture guidance
- Evaluating security technologies
- Recruiting and interviewing security talent
SECURITY PROGRAM DEVELOPMENT: OVERVIEW
Security programs are changing. Whether you have a current program, need a new one, or never had one to begin with, Anitian can design, implement, and optimize a program to defend your business and maximize security investments. We specialize in optimizing security programs for the changing workplace demographics.
Is your program effective? Is it well suited for a workforce of Millennials? Has it adapted to new compliance requirements? These are some of the questions a Security Program Assessment can answer. Our team can perform an honest, objective analysis of your current practices. We look at the realities of your business, IT infrastructure, and workforce. More importantly, we develop recommendations that align with these realities. The typical assessment includes:
- Detailed scoping and project management
- One-on-one interviews with key decision-makers, business process owners, and technology staff
- A precision review of current security policies, procedures, guidelines, and artifacts
- Assessment of compliance programs and practices (if relevant)
- An in-depth technical assessment, including penetration testing and configuration analysis
- Alignment with industry best practices and security frameworks (like COBIT)
- Detailed recommendations with action plan
Get ahead of the threats with security policies people actually read and respect. Anitian has a long history of writing creative, compelling, and concise documentation. Some of the common documents we can write include:
- Acceptable use policy
- Risk assessment
- Data handling policy
- Incident response policy (and procedures)
- Password policy
- Encryption policy
- Data retention policy
- System configuration standards
- Mobile device policy
- Confidentiality policy
You can select from one of three different ways to engage Anitian for policy development work:
- Option 1 – Policy Review: You write the content, we review, edit, and make recommendations to assure alignment with relgulatory standards and security best practices.
- Option 2 – Collaborative Development: Your team and Anitian work collaboratively to write, edit, and publish security policies. In this arrangement, you write some, we write some – and we share back and forth.
- Option 3 – Full Outsource: Anitian takes care of everything. We provide a full-time, expert security analyst to write, edit, and publish security policies.
Regardless of which option you chose, all our policy development projects include:
- Formal project management
- Client engagement portal, for secure sharing of content
- Access to Anitian’s library of policy templates and content, amassed from 23 years of security work
- Practical, pragmatic approach to information security
- Authentic content. Anitian has a unique method for writing security policies that is specifically designed to appeal to the growing Millennial workforce.
- Integrated training, knowledge transfer, and on-site workshops to ensure everybody is on the same page.
POLICY AND PROCEDURE DEVELOPMENT: OVERVIEW
Policies, procedures, and guideline documents are one of the most important artifacts of a security program. But they are only useful if people read them. Anitian is a leader in the art of writing security policies employees read and follow. We have developed a library of content specifically targeted at today’s workforce. These documents concisely communicate complex security concepts.
Anitian will work along-side your team to develop your security policies, procedures, and guidelines. Policy Development includes:
- Research relevant content and structure for documents
- Provide templates and layouts
- Review content and provide feedback
- Mentor and guide Client staff on producing and implementing content
- Assist with integrating content with other documents or frameworks as necessary
POLICIES FOR THE MILLENNIAL WORKFORCE
Anitian has built an entire security policy framework specifically to engage the modern workforce. These policies are based on the most recent research on communicating with a generation that grew up using the Internet. If your workforce is struggling to adopt security policies, Anitian can help. Our typical engagement includes:
- Detailed scoping for document framework
- Audience profiling and targeting
- Development of content aligned with your corporate vision, mission, and core values
- Training and educational engagements
Are your policies working? Anitian can craft a sequence of tests to assess the effectiveness of your security policies. This can include services such as social engineering, configuration assessment, and more. After these tests, we can recommend improvements and additions to your policies See our Ring.Zero testing services for more information about our testing services.
- Research of relevant content and structure for documents
- Provision of templates and layouts
- Review of content, providing feedback based on our analysis
- Assisting you and your staff with the production and implementation of future content
- Assistance with integrating content into other documents or frameworks as necessary
In-depth assessment of your current documents. Anitian can provide constructive feedback to better align policies with regulatory requirements, like PCI, HIPAA, or NIST / DFARS.
Document Review includes:
- Assessment of clarity and relevance of content
- Review of alignment with relevant regulations or compliance standards
- Review of alignment with operational and technical realities in the organization
- Assessment of policy statement effectiveness
- Recommendations of document improvements
- Provision of templates and sample content
- Review of drafts and assistance with new content development
INDUSTRY AND MARKET TREND RESEARCH: OVERVIEW
With over 20 years of experience, Anitian is the world’s most seasoned information security consultancy, with a massive back catalog of work. This longevity in the industry provides our people with tremendous insight and exhaustive experience in security technologies, techniques, and people. Anitian’s Industry & Market Trend Research services deliver targeted thought leadership and expertise to help high-performance businesses and investors make informed strategic decisions. Anitian currently advises over 50 different hedge funds, institutional investors, and large Fortune 1000 companies on matters of information security, privacy and security technologies.
New concepts, ideas and technologies are constantly flooding the market. It can be difficult for anyone – let alone busy, high-performance CIOs – to keep up-to-date on the latest trends and concepts. Anitian delivers real-time, actionable intelligence that is focused and packaged to allow for effective decision-making. Before you make the next large strategic decision, let the experts at Anitian do the research and make sure your decisions are backed up with hard evidence and real-world expertise. Typical Industry Research projects include:
- Researching a new or emerging technology
- Analyzing a vendor – their performance, reputation and capabilities
- Researching vulnerabilities to a development or hosting environment
- Conducting surveys to assess security awareness of user populations
- Testing a technology for vulnerabilities or weaknesses
- Review of designs, architecture, or plans for security risks
Designed for investors and hedge fund managers who need to compile research for decision-makers, Anitian’s Industry Analysis consultations provide an in-the-trenches view of security companies, their products, and their sales. Insightful analysis from experienced veterans delivers unparalleled insights into the real-world application of a manufacturer’s technologies. Since Anitian is not dependent upon reseller income, we can be totally honest about our technology experiences, to deliver true research that is free of bias.
Areas where Anitian can consult include:
- Unified threat management (UTM) / next-generation firewall (NGFW)
- Intrusion detection and intrusion prevention systems (IDS/IPS)
- Endpoint security, anti-malware, anti-virus
- Remote access
- Encryption and data security
- Cloud security
- Mobile device management (MDM) and mobile security
- Risk management
- Regulatory compliance (PCI, HIPAA, NERC, etc.)
- Vulnerability management Data loss prevention (DLP)
- Email security, encryption and archiving
- Hacking tools, techniques and trends
- Emerging technologies
- Database security
- Voice over IP (VoIP) security and privacy issues
- Expertise with Android, Apple IOS, and Blackberry mobile platforms
TECHNICAL DUE DILIGENCE: OVERVIEW
ASSESSMENT AND SUPPORT
In-depth analysis of a technology. Anitian can help you understand the strengths and weaknesses of a technology. We go beyond the analyst reports and marketing slides, with hands-on product analysis in our labs.
Before you make a big investment, Anitian can help you understand how your investment aligns with future trends. With over 20 years of experience, we have a strong track record of predicting the rise and fall of security trends
Understand exactly where a product or technology fits in the current market. Anitian has access to some of the most accomplished experts in the industry, as well as our own insights from our pool of clients.
Go into merger or acquisition negotiations strong. When Anitian is on your side, you have an experienced, intelligent, and forthright team who can quickly separate the hype from the reality.
STAFF AUGMENTATION: OVERVIEW
Get the talent you need with the support they need. Anitian’s staff augmentation services puts information security experts in your business.
EXPERTS ON DEMAND
EXPERTS AVAILABLE NOW
Whether it is an entry-level or seasoned executive position, we can get you exactly the person you need.
Some of the common positions we staff include:
- Information Security Officers
- Security analysts
- Firewall administrators
- Network administrators
- Penetration testers / vulnerability management
- Endpoint security managers
- Compliance analysts (PCI, NERC, HIPAA, etc.)
- Risk assessors
- Security operation center (SOC) staff
- IDS/IPS managers
- SIEM administrators
Anitian fully supports the people we staff. Our contract staff receives full employment benefits, training, coaching, and access to Anitian’s other subject matter experts. When you hire an Anitian person, you also gain access to a whole team of cybersecurity expertise.
AUDIT STEWARDSHIP: OVERVIEW
Take the pressure off your team. Outsource audit stewardship to Anitian. We can ensure your audits are efficient and successful. Mostly, we can make sure all you are not merely compliant, but making compliance an everyday business practice.
AUDIT SUPPORT SERVICES
Anitian Run Books put everything the auditor needs into a single binder. This dramatically accelerates the audit process.
DIVERSE STANDARD SUPPORT
We support all the security standards: SOC2, ISO 27001, NIST, DFARS, FISMA, GLBA, PCI, FedRAMP, and more.
Anitian assesses your policies, procedures, and other supporting documentation to ensure ideal alignment with relevant regulatory standards.
With over 20 years of providing security services, Anitian has amassed an impressive library of content. We can draw upon this library for policies, practices, and configurations to accelerate the compliance process.
Advances in Cloud Security
Automation and Orchestration
in the Cloud
Compliance at Ludicrous Speed
Sherlock is a unified, automated platform to accelerate compliance in the cloud.
For PCI, FedRAMP, or ISO/GDPR, Sherlock gets you there, and keeps you there.